Android 4.0′s facial recognition is cool, but don’t trust it yet

I’ve always been intrigued by the idea of using facial recognition to log in to a computer. In theory, it’s the most convenient form of system security – the computer simply sees it’s you and grants access. It should be a very natural, frictionless approach.

Except that, most of the time, it’s not.

I first saw a demonstration of facial recognition from IBM in the late 1990s at Comdex, but it’s only become mainstream in the last few years. It’s common now for traditional PCs to have facial recognition, particularly notebooks with webcams built into their screens. Unfortunately, most facial recognition programs don’t work that well. I’ve yet to find a system that reliably logs me into a PC at least 90 percent of the time.

The latest version of Google’s Android software – version 4.0, or Ice Cream Sandwich – brings facial recognition to smartphones. It’s included in the Samsung Galaxy Nexus I wrote about Monday, and reviewed in my print column today. As with PC-based systems, it’s not perfect – but it’s one of the best implementations I’ve run across, at least in terms of its ability to recognize my face.

It is, however, also one of the most insecure.

As with other facial recognition systems, you must first train Android 4.0 to know what you look like. The software uses the front-facing camera to take a photo. When you turn on facial recognition unlocking, the front camera turns on and tries to match what sees with the stored image. If there’s a match, you’re logged into the phone. if not, you can log in using a PIN or Android’s pattern-tracing screen.

The software encourages you at setup to take multiple pictures. For example, if you wear glasses, snap some setup photos without them. Grab other images in different lighting. Take some holding the phone at waist level, looking down at it, and others where you’re holding it up in front of your face. The more you take, the better it becomes at matching you under various circumstances.

I’ve trained the Galaxy Nexus to the point that it logs me in about 80 percent of the time, and when it doesn’t, I’ve snapped another setup picture at that location, holding the phone in the same position at which it failed. Once I do that, it doesn’t make that mistake again.

However, it doesn’t have to actually see the real me to provide access to the phone.

I took a picture of myself with my iPhone, and then pulled that likeness up on the screen. I aimed the iPhone image at the Galaxy Nexus’ camera, and voila! The Android phone unlocked and I was granted access. This works every time I try it.

I’m not the first to discover this. A blogger attending the November unveiling of Android 4.0 posted to YouTube a video showing a picture being used to unlock the phone.

Now, Google is quite upfront about the fact that this is not a particularly secure way to lock your phone. When you begin the setup process, a screen warns you that other ways of locking the device are more secure.

Over time, Google will improve this feature so it can’t be fooled by a picture. Facial recognition is pretty cool when it works, and if I owned this phone, I’d be very tempted to use it because it’s so handy.

But given that smartphone owners put so much of their life’s information on these devices, it’s not smart to rely on facial recognition as a locking system right now. It’s just a novelty until it’s more secure.

10 Responses

It’s about convenience really. Any phone in the hands of someone else can have its data stolen. It’s unlikely that anyone stealing your phone randomly will have a picture of you to unlock the phone. They could easily mount the phone and steal all of the information on it anyways.

If someone in your life is devious enough to steal your phone and unlock it with a facebook photo, it’s probably time to drop that person as a friend..

Just an fyi- You’ll probably get more credibility if you uninstall Advanced Task Killer. It doesn’t belong on ANY Android OS, especially ICS. It’s joke that keeps getting perpetuated among the lesser informed.

Imported a GSM Unlocked version from the UK. Activated it on AT&T month to month.

Battery life is stellar. I laugh when apple devotees talk about battery life. Every phone you look at with their 3.4 inch display and brightness next to zero is their salvation. Of course, they’re stuck with that choice and no other.

I’m conviced with their new version of their phone it will never have a larger screen for the apple phone. Screen dimension won’t allow for any real increase in perceived difference to 4 inches. And the company won’t allow another attack on battery life since 4S is getting pretty bad reviews from real users in their forums.

What happens to facial recognition if your weight changes? Do you have to re-train your phone to recognize the “new you?” What about disfiguring disease or simply age? Can the software determine the difference between 2D and 3D (between a picture of you and the actual you)? The technology sounds neat, but has it been fully thought out?